Earlier today we’ve posted to Quora in order to answer a question regarding “privacy policies for a startup website in India”. Since we haven’t written about this topic on this blog before, I thought we could also cross-post and reiterate on privacy policies and India here.

Where do I find rules regarding privacy policies in India?

The required contents for that privacy policy

From these aforementioned Rules you can get the main structure of what is wanted:

Corporate bodies (or any person, on behalf of such a body) that collect, receive, possess, store, deal or handle information, shall provide a privacy policy that discloses its practices regarding the handling and disclosure of personal information including sensitive personal information and ensure that the policy is available for viewing, including on the website of the corporate body (or the person acting on its behalf).

Specifically, the corporate body must ensure that the person to whom the information relates is notified of the following at the time of collection of sensitive personal information or other personal information (read the details in Rule 4 here):

Privacy policy contents under the Information Technology Rules, 2011:

clear and easily accessible statements of its practices and policies

type of personal or sensitive personal data or information collected under rule 3)

purpose of collection and usage of such information

disclosure of information including sensitive personal data or information as provided in rule 6)

reasonable security practices and procedures as provided under rule 8.

Also, make sure the people who are concerned (the people whose data is collected) know about

the fact that the information is being collected;

the purpose for which the information is being collected;

the intended recipients of the information, and

the name and address of the agency that is collecting the information and the agency that will retain the information

The software, materials and assistance provided by iubenda have the only purpose of helping users with compliance regarding their legal requirements. In particular, the templates iubenda provides are generated automatically, yet every word of our template has been written and continuously revised by a skilled legal team. However, as can be easily understood, nothing can substitute a professional legal consultancy in the drafting of your privacy policy, cookie policy or of any other legal document or compliance procedure. Our service does its best to provide you with a starting point, like an extremely sophisticated templates book, but even if we strive to provide the best assistance possible, we cannot guarantee any conformity with the law, which only a lawyer can do. Nothing on this site, therefore, shall be considered legal advice and no attorney-client relationship is established. Please note that in some cases, depending on your legislation, further actions may be required to make your activity compliant with the law.